I am a blockchain engineer with experience across the development cycle. My areas of expertise include security, quality engineering, development, test tooling, and test automation. I'm also a Gitcoin KERNEL Fellow.
I have a range of quality engineering experience, which includes functional testing, security testing, test planning, and automated test development, along with the integration of workflow and test tooling for the team -- some of which came from third-party vendors, with another being a project of my own.
I am knowledgeable about current QE processes. I am equally, if not more, comfortable with opening up a code editor alongside a test session to obtain insight that can only be gained by looking under the hood.
Perhaps more importantly, I am aware of the impact that a well-designed and thorough quality engineering program can have on the number of bugs or defects, even those that are related to security.
Contact me to go over your project's quality engineering needs.
Blockchain applications (dApps) need to be more thoroughly tested than comparable web2 apps.
While all software should be tested to minimize risks and maximize user experience, due to the immutability of public blockchains, a dApp or smart contract deployed to mainnet with an overlooked vulnerability will forever remain in the wild, putting users and their funds at risk. This is extremely dangerous, given the large sums of crypto assets at stake across many projects.
I bring to the table a unique mix of development, QA, application security, and blockchain skills, which grant me an edge over auditors from other tech backgrounds and developers from non-blockchain or non-security backgrounds.
Feel free to contact me anyway; I would be happy to go over how I might be able to help improve your security posture and maximize the impact of any planned or upcoming audits.
I am highly motivated by studying the ways in which software behavior can differ from what the end user might expect.
Many vulnerabilities can be uncovered using static and dynamic analysis techniques on either the underlying source code or binaries. My time reviewing bug bounty vulnerability submissions showed me that these vulnerabilities do not always present themselves in places that can be directly affected by users. Nevertheless, their potential to chain with other vulnerabilities necessitates their mitigation as well.
My vulnerability findings include reflected and stored XSS, SQL injections, and a particularly interesting multipart session vulnerability in a learning management system. To see more about my disclosures and mitigations, scroll down to the Projects section.
TraceLabs is a nonprofit organization which does incredible work in the collection and analysis of open source intelligence to aid in missing person searches.
Be sure to visit their events page and join their Slack community to get involved.
Feel free to send me an email, connect with me on LinkedIn, or view my GitHub profile.
A non-exhaustive collection of tools and projects I have found helpful.